Where Networking and Security Collide

Category: Meraki

No AnyConnect Support for Meraki MX... No Problem!

AnyConnect in a Meraki World

Meraki MX is one of the best-selling products in Meraki history. Last year my team sold more MX than ASAs.
That said, customers commonly want to know about AnyConnect support for Meraki MX.
It simply isn’t there today. Check out my video below on the use case of using Meraki MX + ASAv (AnyConnect VPN concentrator).


Learn how to build a campus network with Meraki switching

Meraki Campus Switching

I have been very impressed with the Meraki switching line. Using Meraki switching you can now build out an entire campus network. I typically see the Meraki 400 series at the aggregation layer and the 200/300 series in the closet. In the following videos I will show you how to configure 425s at the aggregation stack and 350s at the user layer.

Meraki aggregation switch stack – In this video, you will learn how to configure stacking, spanning, layer 3 interfaces, and aggregation services for the Meraki 425 switching platform.

 

Meraki closet switch stack – In this video I will show you how to build a Meraki MS350 switch stack and how to configure a port channel between the closet and aggregation stacks.

 

 

Meraki switch OSPF configuration – Learn how to configure OSPF on Meraki switches. Using my lab I will show you how to connect a Meraki OSPF network to a Cisco OSPF network.

 

 

 


Meraki Network Access Control

Check out the following videos to learn more about Meraki Network Access Control.

You can use the Meraki network to identify who the user is and allow them access only to the resources they need. To implement NAC you only need a Meraki network and a RADIUS server; no extra licensing is required! The RADIUS server can be a free Linux RADIUS server, Cisco ISE, Windows 2012 R2, etc.

1. Meraki NAC Overview

2. Meraki NAC on Wireless Network

3. Meraki NAC on Wired Network

Useful links

1. Set up NPS on Server 2012 R2

https://glazenbakje.wordpress.com/2013/08/31/microsoft-windows-server-2012-radius-setup/

2. Set up 802.1X authentication with NPS and Meraki Wireless Network

https://shabiryusuf.wordpress.com/2012/12/24/meraki-network-policy-server-nps-and-radius-with-wpa2-enterprise/

3. If you need to create your own self-signed cert for Server 2012

https://documentation.meraki.com/zGeneral_Administration/Other_Topics/Installing_a_Self-Signed_Certificate_on_Windows_Server

4. Apply group policies based on RADIUS tags

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/Tagging_Client_VLANs_with_RADIUS_Attributes

5. Creating and applying group policies

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/Tagging_Client_VLANs_with_RADIUS_Attributes

6. Configure 802.1X authentication with NPS and Meraki Wired Network

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/Tagging_Client_VLANs_with_RADIUS_Attributes

7. Dynamic VLAN assignment on Meraki Wired Network

https://documentation.meraki.com/MS/Port_and_VLAN_Configuration/Dynamic_VLAN_assignment_via_802.1x_(RADIUS)_for_MS_Switches

8. Configure Windows 7 client for Wireless 802.1X authentication

https://documentation.meraki.com/MR/Encryption_and_Authentication/Enabling_WPA2-Enterprise_in_Windows_Vista_and_Windows_7

9. Configure Windows 7 client for Wired 802.1X authentication

https://documentation.meraki.com/MS/Access_Control/Configuring_802.1X_Wired_Authentication_on_a_Windows_7_Client
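
Links 4 and 7 above both depend on attributes the RADIUS server returns in its Access-Accept. The following Python is an added example, not code from this post or from Meraki: it encodes and parses those attributes (RFC 2865/2868) so you can check what a reply actually carries. The policy name `HR-Restricted`, VLAN 30, and the use of Filter-Id to carry the group policy name are assumptions for illustration.

```python
import struct

# RADIUS attribute type codes (RFC 2865 / RFC 2868).
FILTER_ID, TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_GROUP_ID = 11, 64, 65, 81
VLAN, IEEE_802 = 13, 6  # Tunnel-Type and Tunnel-Medium-Type values for a VLAN

def attr(code: int, value: bytes) -> bytes:
    """Encode one attribute: type, length (header included), value."""
    return bytes([code, len(value) + 2]) + value

def build_accept_attrs(policy: str, vlan: int) -> bytes:
    """Constructed sample: attribute section of an Access-Accept."""
    return (attr(FILTER_ID, policy.encode())
            + attr(TUNNEL_TYPE, struct.pack("!I", VLAN))      # tag 0x00 + 24-bit value
            + attr(TUNNEL_MEDIUM, struct.pack("!I", IEEE_802))
            + attr(TUNNEL_GROUP_ID, str(vlan).encode()))

def parse_attrs(data: bytes) -> dict:
    """Walk the TLV list, rejecting truncated or malformed attributes."""
    found, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        code, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError(f"bad length for attribute {code}")
        found.setdefault(code, data[i + 2:i + length])  # keep first occurrence
        i += length
    return found

def tunnel_value(raw: bytes):
    """Tunnel-Type / Tunnel-Medium-Type: 1 tag byte + 3-byte integer."""
    return int.from_bytes(raw[1:], "big") if len(raw) == 4 else None

def authorization(data: bytes) -> dict:
    """Return the policy name and VLAN ID an Access-Accept carries."""
    a = parse_attrs(data)
    policy = a[FILTER_ID].decode() if FILTER_ID in a else None
    vlan = None
    # A VLAN is only meaningful when all three tunnel attributes agree.
    if (tunnel_value(a.get(TUNNEL_TYPE, b"")) == VLAN
            and tunnel_value(a.get(TUNNEL_MEDIUM, b"")) == IEEE_802
            and TUNNEL_GROUP_ID in a):
        gid = a[TUNNEL_GROUP_ID]
        if gid and gid[0] <= 0x1F:      # optional RFC 2868 tag byte
            gid = gid[1:]
        vlan = int(gid.decode()) if gid.isdigit() else None
    return {"group_policy": policy, "vlan": vlan}

if __name__ == "__main__":
    print(authorization(build_accept_attrs("HR-Restricted", 30)))
```

A reply that carries only Tunnel-Private-Group-ID, without matching Tunnel-Type and Tunnel-Medium-Type, yields no VLAN here, which is the first thing to check when a client lands in the wrong VLAN.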

Meraki Group Policies

I keep hearing from my customers that we must make management easier, so I wanted to quickly share with you one of my favorite features, called Meraki Group Policies. A Group Policy is a way to control network traffic in a Meraki fabric. A Group Policy can control things like L3/L7 firewall policies, traffic shaping, content filtering (block gambling, streaming audio, etc.), Advanced Malware Protection, etc.

Here are some use cases for Group Policies. You can get creative as to how you want to apply them.

  1. Identify a user (Tim Roth in HR) and build a group policy to control how much bandwidth I have for streaming audio and block me from talking to HR servers. A cool thing here is that you only need a RADIUS server and Meraki fabric to make this happen; no additional licensing is needed.
  2. Limit backup traffic during the day: For a remote site, we can create a Group Policy that is only applied during the day to keep backup traffic from saturating the WAN link. Then, when it is 5pm, the Group Policy is inactive and backup traffic can use the entire link.
  3. Identify guest clients, redirect them to authenticate through a splash page, and control where they can go, both internally and on the interwebs.
  4. Blacklist a rogue client: Say you receive an alert from Meraki Security Center that states you have a client that is spreading malware in your environment. Simply go to the client view in your Meraki Dashboard, right-click on the client, and apply a Blacklist Group Policy directly. This Group Policy will halt the client's communication. VERY POWERFUL.

Meraki Group Policies have been HUGE for some of my customers. They are leveraging the Meraki fabric to identify their clients and apply network control policies to them. In most cases, they don’t have to go out and buy additional software, licensing, etc. It’s like a real world network control system... that anyone can manage.

The following are ways to control traffic with Group Policies. As you can see, some features are not universal to all platforms. (Image from Meraki.com)

[Image: group-policy-options]

The next image highlights the ways to apply Group Policies.

[Image: group-policy-2]

Check out this link that provides more technical detail on Meraki Group Policies.

https://documentation.meraki.com/MR/Group_Policies_and_Blacklisting/Creating_and_Applying_Group_Policies

Stay tuned for future posts on Meraki Group Policies...